How to get rkhunter PORT_WHITELIST='* ...' to work on Ubuntu 16.04?

Question

My /etc/rkhunter.conf.local contains this line:

PORT_WHITELIST='* TCP:7000'

If I run rkhunter -c it appears that the star is being shell expanded:

root@willow / # rkhunter -c
Invalid entry specified in PORT_WHITELIST configuration option: bin
Invalid entry specified in PORT_WHITELIST configuration option: boot
...

Does anyone know a way around this? I am using rkhunter 1.4.2-5 and Ubuntu 16.04.

score 2 · Accepted Answer · answered Aug 21 '17 at 14:41

It looks like using the last rkhunter copies, you should update your conf from:

PORT_WHITELIST="/path/to/bin PROTO:PORT"

to:

PORT_PATH_WHITELIST="/path/to/bin"
PORT_WHITELIST="PROTO:PORT"

In your case:

PORT_PATH_WHITELIST="*" #or whatever bin binds to TCP:7000
PORT_WHITELIST="TCP:7000"

How to get rkhunter PORT_WHITELIST='* ...' to work on Ubuntu 16.04?

1 Answers1